Hi Ezra,
Thanks. Your plugin looks really interesting.
What I am currently trying to do is check if a role has Create/Read/Update/Delete rights on a post. This should be stored in the database too. So, in my case there’d also be a posts_roles table. I haven’t implemented anything yet (besides giving users one or more roles).
Like I said, I don’t want to hardcode the rights for a role. Instead I want to look up the roles’ rights for a post in the database. Does/will your ACL provide for something like this?
Thanks,
Mischa.
“Ezra Z.” [email protected] wrote in message news:[email protected]…
Mischa-
You might want to look at my acl_system plugin. It handles role permissions like you want in a more secure way.
http://brainspl.at/articles/2006/02/20/new-plugin-acl_system
Example:
    class PostController < ApplicationController
      before_filter :login_required, :except => [:list, :index]
      access_control [:new, :create, :update, :edit] => '(admin | user | moderator)',
                     :delete => 'admin & (!moderator & !blacklist)'
    end
Cheers-
-Ezra
On Feb 23, 2006, at 11:43 AM, Mischa B. wrote:
Hi,
Sorry for reposting, but my date was set 1-feb today (don’t ask) and I’m not sure if this gets read…
My question is about this method:
    # Returns true for the (saved) user called "admin"
    def is_the_administrator
      true if save and name == "admin"
    end
The method returns true if the user’s name is admin. However, I only want to return true if the state of the object is “saved”, so I call the save method first.
I’m doing this because…
Once the admin is created I don’t want anyone to be able to change the name.
I implemented this like this in the view:
    <% if @user and @user.is_the_administrator %>
      <%= text_field "user", "name", :disabled => true %>
    <% else %>
      <%= text_field "user", "name" %>
    <% end %>
However when someone else tries to change their name to “admin”, the text_field will be disabled too. The object is not saved, because of the validation (validates_uniqueness_of :name). So I only want the field to be disabled if the object is saved. The way I implemented it now works, but I’m guessing there’s a better way to do this.
Any ideas?
Thanks!!
Rails mailing list
[email protected]
http://lists.rubyonrails.org/mailman/listinfo/rails
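A sketch of the database-backed check asked about in this thread, added here as an example and not code from either poster or from the acl_system plugin: CRUD rights are looked up per role and per post, and anything not explicitly granted is denied. The in-memory rows are constructed stand-ins for a `posts_roles` table and an assumed `roles_users` join table; the column names and the `roles_for`, `rights_on` and `permitted?` helpers are hypothetical.

```ruby
require 'set'

ACTIONS = [:create, :read, :update, :delete].freeze

# Constructed sample rows standing in for database tables.
# roles_users (assumed name): which roles each user holds.
ROLES_USERS = [
  { user_id: 1, role: 'admin' },
  { user_id: 2, role: 'moderator' },
  { user_id: 2, role: 'user' },
  { user_id: 3, role: 'user' },
].freeze

# posts_roles: one row per (post, role) with a flag per CRUD right.
POSTS_ROLES = [
  { post_id: 10, role: 'admin',     create: true,  read: true, update: true,  delete: true  },
  { post_id: 10, role: 'moderator', create: false, read: true, update: true,  delete: false },
  { post_id: 10, role: 'user',      create: false, read: true, update: false, delete: false },
  { post_id: 11, role: 'admin',     create: true,  read: true, update: true,  delete: true  },
].freeze

# All role names held by the user (empty for an unknown user).
def roles_for(user_id)
  ROLES_USERS.select { |r| r[:user_id] == user_id }.map { |r| r[:role] }
end

# Union of the rights that any of the user's roles grants on the post.
def rights_on(user_id, post_id)
  roles = roles_for(user_id)
  POSTS_ROLES
    .select { |row| row[:post_id] == post_id && roles.include?(row[:role]) }
    .flat_map { |row| ACTIONS.select { |a| row[a] == true } }
    .to_set
end

# Default deny: unknown actions, users without roles, and posts with no
# matching posts_roles row all return false.
def permitted?(user_id, action, post_id)
  known = ACTIONS.find { |a| a.to_s == action.to_s }
  return false if known.nil?
  rights_on(user_id, post_id).include?(known)
end
```

In a controller the same check would run server-side before the action executes, with the two lookups replaced by queries against the real tables.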